GRC Engineer

GRC Engineer

Are you frustrated seeing great companies and their people negatively impacted by cybersecurity threats and bad actors? So are we.

We have made it our mission to improve our customers’ security programs by positioning security to be an enabler for growth and profitability in their business while reducing their chances of being negatively impacted by cybersecurity threats and bad actors.

Company Description

Seiso provides Security Simplified, offering frictionless, agile security programs tailored to match the speed and demands of modern pipelines. The company focuses on maximizing security with simplicity to provide information security solutions that are easy to understand and use. Seiso has a strong reputation for building highly customized information security systems for various sectors and has been recognized for its excellence by industry awards.

Join us in helping our customers establish a security program that operates in all the right ways and fosters a continuous improvement mentality.

Who We Are: Seiso’s culture can be summarized through our Core Values.

• Seiso : Exemplify our name by designing neat, clean, and organized solutions both internally and for our clients.
• Curiosity : Ask questions, think deeply and critically, consistently learn from and teach others, regularly improve and grow.
• Balance: Seek to demonstrate continual improvement with a reasonable, risk-based approach.
• Initiative : Demonstrate a true passion for building something great (sometimes from nothing) and willing to push to achieve success.

The Position : We’re looking for a GRC Engineer focused on expanding their knowledge in the GRC practice, who has a passion for Security and is seeking the opportunity to work with some of the most technologically diverse clients in the U.S.

This is a full-time remote role for a GRC Engineer at Seiso. The GRC Engineer will be responsible for day-to-day tasks related to governance, risk management, and compliance (GRC) activities. This includes assessing security risks, developing risk management strategies, ensuring compliance with regulations, and implementing security measures to protect company assets for our customers.

The Location: This is a remote-first position servicing clients across the United States.

Who Are You?

• You are a driven individual and prefer a people-focused, team-based environment that thrives on continuous development, continuous improvement, and constant communication.
• Your ideal organization allows for a remote-first workforce, as well as in-person activities for project focus work and team-building opportunities.
• You seek to be challenged in the Information Security field through direct community involvement, skills and capabilities improvement, and a proactive approach to security consultation.
• You are passionate about protecting the modern digital landscape being utilized in some of the highest risk environments, and ultimately, the people and data relying on the secure operation of technology.

Requirements:

• Experience in Governance, Risk, and Compliance with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
• Experience with common security frameworks and regulations such as ISO 27001/2, SOC2, HIPAA / HITECH, SOX, PCI-DSS, GDPR, NIST 800 series, ITIL, and CMMC.
• Familiarity with risk assessments, managing third-party risk, and risk management programs.
• Ability to write clear and concise information security policies, standards, and processes.
• Experience with GRC tools and tracking mechanisms and assist in implementing process automation solutions in a client-facing environment

Responsibilities:

• Advise others of information security concepts using presentations, reports, examples, and visualizations.
• Provide support for other Engineers during assessments of client environments against industry standard frameworks to identify client’s current state of program maturity and identify applicable risks.
• Create, develop, mature, and contribute to Seiso’s catalog of GRC services through product ownership and idea generation based on organizational goals.
• Work with clients to identify and document their desired maturity state and risk-balanced state and develop a gap assessment and roadmap to guide the process of maturing towards their desired state.
• Advise client’s teams at all levels from the C-Suite to individual contributors regarding information security governance through mediums such as presentations, reports, and visualizations.
• Contribute to the development of best practice frameworks suitable for use during assessments and improvement planning, and integration with assessment toolsets.

Additional Notes

• Applicant must have the ability to work with computers for extended periods of time.
• Seiso offers competitive benefits packages such as Medical, Dental, and Vision insurance, a 401k with company match, and generous paid time-off and holidays.
• Must be authorized to work in the United States.
• This is not an all-inclusive document. Additional duties, expectations, demands, etc. may be added or changed to this document on an as-needed basis in order to meet organizational needs.